You are managing an Azure subscription that hosts multiple virtual machines, with external access to ports 3389 (RDP) and 22 (SSH) disabled to enhance security. Your objective is to develop a solution that allows administrators to access these virtual machines securely for remote management. The solution should fulfill the following criteria:

• Avoid enabling ports 3389 and 22 from the internet.
• Grant access to the virtual machines only when necessary.
• Ensure administrators utilize the Azure portal for connecting to the virtual machines.

Which two actions should be part of your solution? Each correct action contributes to the solution. NOTE: Each correct selection is worth one point.

A. Configure Azure VPN Gateway. B. Enable Just Enough Administration (JEA). C. Configure Azure Bastion. D. Enable just-in-time (JIT) VM access. E. Enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM) roles as virtual machine contributors.